Data breaches in Washington state increased by nearly 20 percent in 2019, though fewer residents were affected due to the relative size of the breaches.
Washington Attorney General Bob Ferguson has released his fourth annual Data Breach Report, which relies on filings from businesses and state agencies that experienced breaches affecting at least 500 residents between July 2018 and July of this year. Over the year, data breaches impacted 390,000 Washingtonians, well below 2018 when the number was 3.4 million, mainly due to a mega-breach reported that year by credit-reporting firm Equifax.
There were no mega-breaches affecting Washington residents in fiscal year 2019, though the number of those impacted by small to mid-size breaches more than doubled – from 180,000 to 390,000.
New consumer protections go into effect on March 1st, which include reducing the deadline to notify consumers and the Attorney General’s Office of a data breach from 45 to 30 days, and expanding the definition of “personally identifiable information” to include, among other things, Tax ID numbers, passport numbers, health insurance policy numbers, medical history, and biometric data, such as fingerprints and DNA profiles.
The latest report makes several recommendations to policymakers on how to better protect people’s data, including expanding the definition of “personal information” to include tribal identification numbers, and amending state law to require notification if financial information or Social Security Numbers are breached, even if the full names of the associated individuals are not. (Washington AG)
